tech_documents:assp_adding_domain

How to add domains to an existing ASSP install based on “Install ASSP 2.x on CentOS 7.docx”

Add Domain in Web UI

Add your domain in:

Recipients/Local Domains/Transparent Recipients and Domains--> Local Domains* (localDomains)

The format should be like

domain1.com|domain2.com|domain3.com|domain4.com
Allow Relaying

This will allow relaying from the public IP of your MTA to ASSP

Relaying / Outgoing and Local Mail -> Accept All Mail* (acceptAllMail)

The format should be like

ip.add.re.ss|10.0.0.1|20.30.20.2|14.28.190.88
Add Domains in Postfix

Postfix will deliver your email to your MTA, define the destinations here per domain

Edit the Postfix Transport file
sudo vim /etc/postfix/transport

Add this to a file

test1-dom.com       smtp:[internalhost.domain.com]     # where internalhost.domain.com is your internal mail server
test2-dom.com       smtp:[internalhost.domain.com]     # if this is different mail server you can specify it here
test3-dom.com       smtp:[internalhost.domain.com]
test4-dom.com       smtp:[internalhost.domain.com]:235 # here we use a custom port so that port 25 isn't open to the public on the MTA
Generate the transport map
sudo postmap /etc/postfix/transport

This will create DKIM keys which will help validate your domain with other MTA

Generate Keys
sudo opendkim-genkey --domain=example.com --selector=default --verbose

This will produce two files named mail.private and mail.txt. Rename them to something more meaningful.

sudo mv default.private /etc/opendkim/keys/example.com.key
sudo mv default.txt /etc/opendkim/keys/example.com.dns
Set Permissions
sudo chown -R opendkim:opendkim /etc/opendkim/keys
sudo chmod -R 700 /etc/opendkim/keys
Update DNS Records

Once you have the keys from the above command you'll need to update the DNS with your domain registrar. Open the DNS file that was created, is should look something like this

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb344400sDFjSSDDNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e/ufXPJYoB3f4K7dynhxTc4QnhOIgDLbih5FnzqKzA49/cngexDcz36CoLySlcYHWIyqoj6iP/Yrn1svCR1vc1jTCFU7HkEVhJ1YqNIE2ZpnnKMR28SHR+rtxOKnk1xpxexHXCpWwMHKwIDAQAB" )  ; ----- DKIM key default for domainname.com

On your domain registrar create a TXT record.

Host: default._domainkey
TXT Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb344400sDFjSSDDNADCBiQKBgQC8iQZE2Ri7oEVMPprWVwt1eLhf6kOl7e/ufXPJYoB3f4K7dynhxTc4QnhOIgDLbih5FnzqKzA49/cngexDcz36CoLySlcYHWIyqoj6iP/Yrn1svCR1vc1jTCFU7HkEVhJ1YqNIE2ZpnnKMR28SHR+rtxOKnk1xpxexHXCpWwMHKwIDAQAB;
Trusted Hosts

Create a file of external hosts that DKIM should trust, one per line and comments are allowed, this should be the FQDN of any sending mail server that will relay through the ASSP server.

sudo vim /etc/opendkim/TrustedHosts

Here are example contents for our domain.

#
# External Hosts that OpenDKIM will Trust
edoceo.com
gcdn.org
he.edoceo.com
s001.edoceo.com
Key Table for Multiple Domains

This will map the domain key for each domain.

sudo vim /etc/opendkim/KeyTable
# $sender-pattern:$signing-domain:$keypath
default._domainkey.example.com example.com:default:/etc/opendkim/keys/example.com.key

default._domainkey.dom2.com dom2.com:default:/etc/opendkim/keys/dom2.com.2015.private

default._domainkey.dom3.com dom3.com:default:/etc/opendkim/keys/dom3.com.2015.private

default._domainkey.dom4.com dom4.com:default:/etc/opendkim/keys/dom4.com.2015.private
Update Signing Table
sudo vim /etc/opendkim/SigningTable
*@dom1.com mail._domainkey.dom1.com
*@dom2.com mail._domainkey.dom2.com
*@dom3.com mail._domainkey.dom3.com
*@dom3.com mail._domainkey.dom3.com
Restart Services
sudo systemctl restart opendkim.service
sudo systemctl restart postfix.service

On your domain registrar you'll want to add an SPF record. The record should be similar to the following:

Host: @
TXT Value: v=spf1 a:mail.dom1.com a:asspX.domX.com a:asspX2.domX.com a:smtp03.sec.haddentech.com -all

The value “a:” is an A record value and should include a record for each MTA/mail server and a record for each ASSP relay that you are going to send through.

Configure Dovecot SASL so external mail server can authenticate and send via ASSP

Create local OS user with passwords which represent the external mail servers:

sudo useradd mail.sendingmta1.com && passwd mail.sendingmta1.com

Use this as the user name and password to authenticated when sending from your MTA to ASSP as a relay/smarthost.

  • tech_documents/assp_adding_domain.txt
  • Last modified: 2022/01/12 06:12
  • by jacob.hydeman